Statement of Applicability (SoA)

A document that maps every control from a reference framework to your organization, recording which controls apply, which do not, and the justification for each decision. A core deliverable in ISO 27001 certification.

Why it matters

The SoA is the bridge between a generic framework and your specific security posture. Auditors use it to verify that you have consciously considered every control, not just cherry-picked the easy ones. Without a well-maintained SoA, certification audits stall and internal reviews lack structure.

In practice

Building an SoA means walking through each control in your chosen framework (for example, ISO 27001 Annex A) and documenting applicability, implementation status, and rationale. In vucavoid, baselines automate this process. You select a framework, the platform generates the full control set, and you mark applicability per control. Changes are tracked, and the baseline stays linked to the requirements it fulfills.
